iMesh Runs Arbitrary Code

DESCRIPTION iMesh is a service that enables people to locate and share files.According to a report from a person using the pseudonym Blue Panda, iMesh 1.02, builds 116 and 177, are vulnerable to a buffer overflow that may execute arbitrary code.

Upon connecting to a given server, iMesh listens on a variable TCP port. An intruder could connect to that arbitrary port and then instigate a buffer overrun to execute on the remote machine.

VENDOR RESPONSE

According to the discoverer, iMesh is aware of the issue and will provide a fix in the next release of their product.